Save Article

Tech Journal: How to Protect Your Emails

The odds that someone is snooping on your emails could be low, but even so, the communication may not be as private as you might like, says Amit Agarwal

When you send an email, it goes through your Internet Service Provider and a series of mail servers before reaching the recipient’s computer.

Can someone else – such as your network administrator, your ISP, or law-enforcement agencies – intercept and read that confidential message without you knowing?

The odds that someone is snooping on your emails could be low, but even so, the communication may not be as private as you might like. Here are some basic steps you can take to secure your emails:

First, turn on HTTPS Everywhere. When you access your email accounts over a secure HTTP connection (or https), all the traffic flowing between your computer and the mail server will be encrypted, so the bytes, if intercepted, appear as gibberish to any potential snooper.

Second, if you are accessing your email accounts on a public Wi-Fi network – like in a hotel lobby – it might be a good idea to use a VPN service to access the web. Unlike HTTPS, which works only for select websites, a VPN service will encrypt all traffic between your computer and the Internet, protecting your data from the Wi-Fi eavesdroppers. TunnelBear is free VPN software available for PCs and Macs. It doesn’t require configuration – all you have to do is turn the knob to “ON” and you are protected.

More In Tech Journal

Next, if you are sending confidential messages via email, you should encrypt them before they leave the computer. Encryption may sound like a complex word to most users, but the concept is easy to understand and implement.

It works something like this: Write an email message in plain text and an encryption program will scramble your words into something incomprehensible. When you send this encrypted email, the intended recipient can apply a secret key to reveal your original message. If the message is intercepted, the text won’t make any sense without that secret key.

There are different algorithms to encrypt messages but the most popular and secure of them all is PGP, or Pretty Good Privacy.

To get started, you need to enter your email address and a secret passphrase, which the PGP program will use to generate a unique public key and a private key for you. Share this public key among friends with whom you wish to exchange encrypted messages. They can also generate their own public and private keys using their email addresses (and secret passphrases) and then pass on the public key to you. This is a one-time process.

You can now compose an email message as before, but before hitting the send button, let the PGP program scramble your message using the public key of your friend. When this scrambled message reaches their mailbox, they can easily decrypt it using their private key. If they want to send a reply to you, the process will be similar except they will now use your public key to encrypt the reply message.

That’s broadly how PGP works. Implementing it is simple with Mailvelope, a Chrome add-on that integrates encryption and decryption capabilities into your web email program. The add-on will generate your secret keys, store the keys of your friends and, best of all, it will automatically detect incoming messages that contain encrypted text, allowing you to decrypt them with a click.